This document explains how Typora complies with the EU General Data Protection Regulation (Regulation (EU) 2016/679, the “GDPR”), and, where applicable, the UK GDPR and Data Protection Act 2018.
It supplements, and should be read together with, our Privacy Policy. Where this document and the Privacy Policy describe the same practices, they are intended to be consistent; the Privacy Policy remains the primary description of what data Typora handles.
The short version: Typora is designed as a local-first application and does not collect or store personal data within the meaning of the GDPR. The only information we ever receive is anonymous, opt-in usage statistics, and material you choose to send us when you contact us for support.
The data controller responsible for the limited processing described below is:
Qiyun (Shanghai) Technology Ltd. (operating as “typora.io”)
You can reach us at [email protected] for any matter relating to data protection.
By design, Typora keeps your content and your activity on your own computer:
Because of this, in normal use we do not collect, store, or otherwise process any personal data relating to you within the meaning of Article 4(1) of the GDPR. There is, in most cases, no personal data held by us to access, rectify, or erase.
The only exceptions are the strictly limited categories described in the next two sections.
1. Anonymous usage statistics (opt-in). If — and only if — you enable “Send Anonymous Usage Info” in Typora’s preferences, Typora sends anonymous, aggregated usage data (such as the Typora version, operating system, screen resolution, locale, approximate country derived from IP address, names of high-level operations, and session duration). This data is collected for the sole purpose of producing overall, anonymous statistics about how Typora is used, and it does not identify you. The feature is off unless you turn it on, and you can opt out at any time in preferences.
Lawful basis (Article 6(1)(a) GDPR): consent. Processing of this anonymous usage information takes place only on the basis of the consent you give by enabling the option, which you may withdraw at any time by disabling it.
2. Support and feedback you choose to send us. When you report a bug or send feedback, you may choose to send us information such as your system version, the steps you took, sample Markdown files, or logs. Providing this is entirely voluntary, and you may decline to provide it. Such material is used only to diagnose and fix the issue you reported.
Lawful basis (Article 6(1)(f) GDPR): legitimate interests — namely, responding to your request for support and improving the reliability of the software — balanced against your rights, with all sample files used strictly for debugging and deleted on request once the relevant issue is resolved (see the Privacy Policy, “Feedbacks & Debug Contents”).
For the avoidance of doubt, Typora does not:
Under the GDPR you have the rights listed below. Because, as explained above, we generally hold no personal data about you, in most cases there will be nothing for us to retrieve, correct, or delete — but we will honor every verified request and respond accordingly:
Exercising these rights is free of charge, and doing so will never disadvantage you.
To make a request, email us at [email protected]. To protect you, we may ask for information reasonably necessary to confirm your identity before acting on a request. We will respond without undue delay and in any event within one month of receipt, as required by Article 12(3) GDPR; where a request is complex, we may extend this period by up to two further months and will tell you if we do.
We retain data only for as long as necessary for the purposes described above:
The data controller is established in Shanghai, China, and the limited processing described above may take place there or on servers operated by or for typora.io. Because the usage statistics we receive are anonymous and the support material is provided voluntarily by you, this processing does not involve a transfer of identifiable personal data out of the EEA in the ordinary course. Where any limited personal data you choose to send us is processed outside the EEA, we will treat it in accordance with this document and the Privacy Policy and apply appropriate safeguards.
Typora can launch other applications and services for added functionality — for example, image-upload scripts you configure, or Pandoc for import/export. These are launched only as a result of your own configuration or actions, are not installed automatically, and are independent of us. We have no control over, and accept no responsibility for, their data-protection practices. Please review their own policies. This mirrors the “3rd Party Apps & Services” and “External Sites” sections of our Privacy Policy.
For all data-protection enquiries, including any request to exercise the rights above, our point of contact is:
Data Protection Contact — typora.io Email: [email protected]
We have not appointed an EU representative under Article 27 GDPR, as our processing is occasional, does not involve the large-scale processing of personal data, and is unlikely to result in a risk to the rights and freedoms of data subjects. Data-subject requests should therefore be sent directly to the contact above.
If you believe our processing of your personal data infringes data-protection law, you have the right to lodge a complaint with a supervisory authority — in particular in the EU or UK Member State of your habitual residence, place of work, or the place of the alleged infringement (Article 77 GDPR). We would, however, appreciate the chance to address your concerns directly first, so please feel free to contact us at [email protected].
Typora is not directed at children under the age of 13, and we do not knowingly collect personal data from them. See the “Children’s Privacy” section of our Privacy Policy for details.
We may update this GDPR Compliance statement from time to time to reflect changes in our practices or the law. Any changes take effect once published on this page, and we encourage you to review it periodically.
If you have any questions about this document or how we handle data, please contact us at [email protected].